Question ddns #4

Closed
erictwo opened this issue May 20, 2019 · 3 comments
Comments


erictwo commented May 20, 2019

Hey Horia,
Is the ddns zone and user required to operate properly (all my servers are static)? Also, do both nameservers get treated the same as far as the directions for installation (other than switching Master and Slave in Makefile)? Thanks!


horia commented May 20, 2019

> is the ddns zone and user required to operate properly

ddns zone is not required. It's different from a static zone because it allows DNS UPDATE from IPs other than the name servers listed in its parent zone, using the protocol from rfc2136. Allowed IPs for DNS UPDATE are managed with authpf(8), i.e. user "puffy" first needs to SSH login on the master name server host to authenticate the IP from which they will next update ddns.example.com using e.g. nsupdate (pkg_add isc-bind) or dnspython (pkg_add py-dnspython) on their device.

"nsd.conf.zone.ddns.example.com" can be disabled in nsd.conf and I will patch the Makefile to exclude ddns when not needed (oops.)

ddns user isn't required without a zone with DNS UPDATE, I will clarify this, thank you.

> directions for installation (other than switching Master and Slave in Makefile)

Correct, the same procedure with MASTER=yes/no in Makefile.local

Please let me know if any problems.
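The DNS UPDATE path described in the reply above, shown at the wire level as an added example (written for this page; it is not code from the dithematic project or from either participant). In practice nsupdate or dnspython build these messages for you; the point here is what the master actually checks on arrival, which is why the authpf IP gate and the TSIG key are two independent controls: authpf decides whether the packet reaches nsd at all, and the TSIG MAC decides whether the update is accepted. Standard library only, so it runs offline. The zone name ddns.example.com and key name tsig.example.com are taken from this issue; the record host1.ddns.example.com A 203.0.113.10, the fixed timestamp and the 64-byte secret are constructed for the example.

```python
"""RFC 2136 DNS UPDATE, signed and verified with TSIG hmac-sha512 (RFC 8945).

Added example, not dithematic code. Standard library only, never touches the
network. Constructed inputs: host1.ddns.example.com A 203.0.113.10 and the
secret used in the caller; zone and key names come from the issue thread.
"""
import hashlib
import hmac
import struct
import time

TYPE_A, TYPE_SOA, TYPE_TSIG, TYPE_ANY = 1, 6, 250, 255
CLASS_IN, CLASS_NONE, CLASS_ANY = 1, 254, 255
OPCODE_UPDATE = 5
HMAC_SHA512 = "hmac-sha512"          # TSIG algorithm name, carried as a domain name


def encode_name(name):
    """Uncompressed, lower-cased wire-format name (the canonical form TSIG hashes)."""
    out = b""
    for label in name.rstrip(".").lower().split("."):
        if label:
            out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def read_name(buf, off):
    """Parse an uncompressed name; returns (dotted name, offset after it)."""
    labels = []
    while buf[off] != 0:
        n = buf[off]
        labels.append(buf[off + 1:off + 1 + n].decode("ascii"))
        off += 1 + n
    return ".".join(labels), off + 1


def rr(name, rtype, rclass, ttl, rdata):
    return encode_name(name) + struct.pack("!HHIH", rtype, rclass, ttl, len(rdata)) + rdata


def build_update(zone, host, ipv4, msg_id):
    """UPDATE request: zone section, prerequisite 'host is not in use', add one A record."""
    header = struct.pack("!HHHHHH", msg_id, OPCODE_UPDATE << 11, 1, 1, 1, 0)
    zone_sec = encode_name(zone) + struct.pack("!HH", TYPE_SOA, CLASS_IN)
    prereq = rr(host, TYPE_ANY, CLASS_NONE, 0, b"")          # RFC 2136 section 2.4.5
    update = rr(host, TYPE_A, CLASS_IN, 300, bytes(int(o) for o in ipv4.split(".")))
    return header + zone_sec + prereq + update


def opcode(msg):
    return (struct.unpack("!H", msg[2:4])[0] >> 11) & 0xF


def _tsig_vars(key_name, time_signed, fudge, error=0, other=b""):
    """TSIG variables hashed after the message (RFC 8945 4.3.3)."""
    return (encode_name(key_name) + struct.pack("!HI", CLASS_ANY, 0)
            + encode_name(HMAC_SHA512) + time_signed.to_bytes(6, "big")
            + struct.pack("!HHH", fudge, error, len(other)) + other)


def tsig_sign(msg, key_name, secret, now=None, fudge=300):
    """Client side: MAC over message + TSIG variables, append the TSIG RR, bump ARCOUNT."""
    now = int(time.time()) if now is None else now
    mac = hmac.new(secret, msg + _tsig_vars(key_name, now, fudge), hashlib.sha512).digest()
    orig_id = struct.unpack("!H", msg[:2])[0]
    rdata = (encode_name(HMAC_SHA512) + now.to_bytes(6, "big")
             + struct.pack("!HH", fudge, len(mac)) + mac + struct.pack("!HHH", orig_id, 0, 0))
    arcount = struct.unpack("!H", msg[10:12])[0] + 1
    return msg[:10] + struct.pack("!H", arcount) + msg[12:] + rr(key_name, TYPE_TSIG, CLASS_ANY, 0, rdata)


def tsig_verify(signed, keys, now=None):
    """Server side: locate the TSIG RR (last in the additional section), recompute the MAC
    over the message with that RR removed and ARCOUNT decremented, then check the time
    window. `keys` maps key name -> secret. Returns (ok, key name or RFC 8945 error name)."""
    _, _, qd, an, ns, ar = struct.unpack("!HHHHHH", signed[:12])
    off = 12
    for _ in range(qd):
        off = read_name(signed, off)[1] + 4
    nrr = an + ns + ar
    if nrr == 0:
        return False, "no TSIG"
    for _ in range(nrr):
        start = off
        off = read_name(signed, off)[1]
        rtype, _, _, rdlen = struct.unpack("!HHIH", signed[off:off + 10])
        rdata_off = off + 10
        off = rdata_off + rdlen
    if rtype != TYPE_TSIG:
        return False, "no TSIG"
    key_name = read_name(signed, start)[0]
    alg, p = read_name(signed, rdata_off)
    time_signed = int.from_bytes(signed[p:p + 6], "big")
    fudge, mac_len = struct.unpack("!HH", signed[p + 6:p + 10])
    mac = signed[p + 10:p + 10 + mac_len]
    q = p + 10 + mac_len
    orig_id, error, other_len = struct.unpack("!HHH", signed[q:q + 6])
    other = signed[q + 6:q + 6 + other_len]
    if key_name not in keys:
        return False, "BADKEY"
    if alg != HMAC_SHA512:
        return False, "BADALG"
    unsigned = struct.pack("!H", orig_id) + signed[2:10] + struct.pack("!H", ar - 1) + signed[12:start]
    expected = hmac.new(keys[key_name], unsigned + _tsig_vars(key_name, time_signed, fudge, error, other),
                        hashlib.sha512).digest()
    if not hmac.compare_digest(expected, mac):     # constant-time compare
        return False, "BADSIG"
    now = int(time.time()) if now is None else now
    if abs(now - time_signed) > fudge:             # replay window, default 300 s
        return False, "BADTIME"
    return True, key_name
```

Two things worth noticing when running it: the signature covers the message ID and ARCOUNT as they were before the TSIG RR was appended, so a relayed update with a rewritten ID fails with BADSIG rather than being silently accepted, and the fudge window is what makes the `time_signed` field matter, which is why the master and the updating host need sane clocks.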


erictwo commented May 20, 2019

I must be doing something really wrong. But if I don't ask I will not know. I have tried several ways but these issues stay the same.
ns1# make install
Setup success. Certificates created. Enable in nsd.conf file to use
[[ -r /var/pdns/pdns.sqlite ]] || sqlite3 /var/pdns/pdns.sqlite -init /usr/local/share/doc/pdns/schema.sqlite3.sql ".exit"
-- Loading resources from /usr/local/share/doc/pdns/schema.sqlite3.sql
[[ -r /var/pdns/pdnssec.sqlite ]] || sqlite3 /var/pdns/pdnssec.sqlite -init /usr/local/share/doc/pdns/dnssec-3.x_to_3.4.0_schema.sqlite3.sql ".exit"
-- Loading resources from /usr/local/share/doc/pdns/dnssec-3.x_to_3.4.0_schema.sqlite3.sql
Error: near line 30: no such table: records
Error: near line 31: no such table: records
Error: near line 64: no such table: supermasters
Error: near line 66: no such table: supermasters
Error: near line 88: no such table: domainmetadata
Error: near line 89: no such table: domainmetadata
group info -e tsig || user info -e tsig || { user add -u 25353 -g =uid -c "TSIG Wizard" -s /bin/ksh -m tsig; mkdir -m700 /home/tsig/.key; chown tsig:tsig /home/tsig/.key; }
[[ -r /etc/changelist-6.5 ]] || cp /etc/changelist /etc/changelist-6.5
sed -i '/changelist.local/,$d' /etc/changelist
cat /etc/changelist.local >> /etc/changelist
sed -i '/^console/s/ secure//' /etc/ttys
mtree -qef /etc/mtree/special -p / -U
etc/daily.local:
permissions (0644, 0440, modified)
etc/pf.conf:
permissions (0600, 0440, modified)
etc/resolv.conf:
permissions (0644, 0440, modified)

ns1# env ROLE=master DDNS=false zoneadd example.com
Domain example.com'' not found! (Actually example.com.zone was already in there)
Creating 'example.com'
Generating a KSK with algorithm = 13
1+0 records in
1+0 records out
512 bytes transferred in 0.000 secs (13854313 bytes/sec)
NSEC3 set, please secure and rectify your zone.
1
1+0 records in
1+0 records out
64 bytes transferred in 0.000 secs (1608566 bytes/sec)
Imported TSIG key tsig.profloors.llc hmac-sha512
error: connect (127.0.0.1@8952): Connection refused
ns1#

ns1# su - tsig
ns1$ ssh-keygen -t ed25519 -C tsig@example.com
Generating public/private ed25519 key pair.
Enter file in which to save the key (/home/tsig/.ssh/id_ed25519):
Enter passphrase (empty for no passphrase): ( I left this with no passphrase)
Enter same passphrase again:
Your identification has been saved in /home/tsig/.ssh/id_ed25519.
Your public key has been saved in /home/tsig/.ssh/id_ed25519.pub.
The key fingerprint is: (It then generates fine.)

ns1#exit

ns1# ssh -i /home/tsig/.ssh/id_ed25519 -l tsig 111.222.33.444 \
    "cat - >> /home/tsig/.ssh/authorized_keys" \
    < /home/tsig/.ssh/id_ed25519.pub
The authenticity of host '111.222.33.444 (111.222.33.444)' can't be established.
ECDSA key fingerprint is SHA256:jmVMX7SEnvuIj2NxDBH40oIBVFEh4G7KhoFWCsbfzRU.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '111.222.33.444' (ECDSA) to the list of known hosts.
tsig@111.222.33.444's password:
Permission denied, please try again.
tsig@111.222.33.444's password:
Permission denied, please try again.
tsig@111.222.33.444's password:
tsig@111.222.33.444: Permission denied (publickey,password,keyboard-interactive).
ns1#
Was I supposed to have a password for user tsig?
Perhaps just copy the ed25519.pub key over manually?

ns1# env NS="111.222.33.444" tsig-share tsig.example.com
Could not open /usr/local/share/doc/dithematic/validate.tsig: Permission denied

I will try again this evening. nsd doesn't want to start without a zone loaded first, so if I use zoneadd it will fail at "error: connect (127.0.0.1@8952): Connection refused". Then I can rcctl start nsd and run zoneadd again, and it runs through the whole process of zoneadd. Thanks for your patience.

horia added a commit that referenced this issue May 21, 2019
- ddns zone
- ddns user
- pdnssec.sqlite
- validate.tsig
- rcctl
- tsig user
horia added a commit that referenced this issue May 21, 2019
- ddns conf

erictwo commented May 21, 2019

Horia, I wish I knew how to fix this one myself. Fresh install; I have a couple of Vultr snapshots.
ns1# nano Makefile.local
ns1# make install
mkdir -m750 /root/dithematic/ns1.profloors.llc
(umask 077; cp -R /root/dithematic/src/* /root/dithematic/ns1.profloors.llc)
find /root/dithematic/ns1.profloors.llc -type f -exec sed -i -e 's|vio0|vio0|g' -e 's|example.com|example.com|g' -e 's|dot|ns1|g' -e 's|203.0.113.3|108.61.215.151|g' -e 's|2001:0db8::3|2001:19f0:5401:18e:5400:1ff:fefb:cf5c|g' -e 's|dig|ns2|g' -e 's|203.0.113.4|144.202.62.162|g' -e 's|2001:0db8::4|2001:19f0:5c01:1312:5400:1ff:fefb:f943|g' {} +
Super-Master
cp -p /root/dithematic/ns1.profloors.llc/var/nsd/etc/nsd.conf.master.example.com /root/dithematic/ns1.profloors.llc/var/nsd/etc/nsd.conf.master.example.com
cp: /root/dithematic/ns1.profloors.llc/var/nsd/etc/nsd.conf.master.example.com and /root/dithematic/ns1.profloors.llc/var/nsd/etc/nsd.conf.master.example.com are identical (not copied).
*** Error 1 in /root/dithematic (Makefile:167 'config')

horia added a commit that referenced this issue May 21, 2019
- install with default DOMAIN_NAME
horia added a commit that referenced this issue May 23, 2019
@erictwo erictwo closed this as completed May 25, 2019